SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Most UK firms suffer cyber breaches due to insecure code flaws

Wed, 20th Aug 2025

Research from SecureFlag has identified a significant prevalence of cyber breaches in the UK resulting from insecure code, with many organisations lacking adequate training for developers.

A survey conducted by SecureFlag among 100 UK C-suite and technology leaders found that 67% of organisations had experienced at least one cybersecurity breach or serious incident in the last year due to insecure coding practices. Almost half of these companies reported multiple incidents within the same timeframe, highlighting persistent vulnerabilities in software development processes.

Training gaps

The survey also revealed that 40% of organisations do not require their developers to undertake regular secure coding training. This shortfall persists despite repeated warnings from security experts and mounting evidence that attackers are exploiting gaps in software security training.

This should be a wake-up call for every business that develops software. It's frankly shocking that in 2025 so many breaches are still happening because of avoidable coding flaws. Our survey exposes a clear and present danger: too many development teams lack the security training to prevent vulnerabilities, and attackers are exploiting that gap. The message is loud and clear – without a serious investment in developer education, organisations will continue to be at risk.

The above statement was made by Andrea Scaduto, Chief Executive Officer and co-founder of SecureFlag, who expressed concern over the persistence of breaches related to avoidable security weaknesses.

Awareness and action

The survey highlighted a noticeable disconnect between executives' awareness of the threats posed by insecure code and the measures put in place to mitigate them. While 88% of senior leaders surveyed recognised that poor coding practices are a significant risk to their business, far fewer have implemented comprehensive, ongoing secure coding training programmes. Only about one-third of companies currently offer continuous, hands-on secure coding education for their teams, and just 29% expressed a high degree of confidence in their developers' abilities to produce secure code from the outset.

According to survey participants, common barriers to more frequent training included limited time, restricted budgets, and a lack of in-house expertise. Several respondents indicated that where incidents had taken place, the consequences included exposure of customer data, disruption to services, and financial losses.

Industry context

The findings from SecureFlag's study closely mirror broader industry trends. The UK government's most recent Cyber Security Breaches Survey reported that 43% of businesses had fallen victim to a cyber attack or breach in the past year. SecureFlag's survey attributed many such incidents to insecure code, naming common issues such as developers inadvertently introducing vulnerabilities like SQL injection flaws or implementing insecure authentication controls. Insufficient code review or testing processes were also cited as factors allowing problems to go undetected before deployment.

Call to prioritise training

The fact that so many organizations are being compromised through code errors is alarming. Breaches stemming from coding mistakes are preventable – but only if companies invest in proper training. We urge businesses not to wait for a disaster. Ensuring your developers can recognize and avoid vulnerabilities must be a top priority. It's far cheaper to train a developer than to clean up after a breach.

Emilio Pinna, Chief Technology Officer and co-founder of SecureFlag, emphasised the need for preventative action through education and highlighted the comparative affordability of training versus remediation after a breach has occurred.

SecureFlag, in response to the findings, is intensifying its efforts to assist organisations in raising the skillset of their development teams through practical secure coding training. The company's approach aims to ensure that considerations for security are embedded from the beginning of the software development lifecycle, rather than being addressed reactively after vulnerabilities are exposed.

The survey serves as a warning to the wider industry to address training deficiencies and make investment in secure development practices a business priority.